The purpose of the Privacy Policy of Fiziosan d.o.o. (hereinafter referred to as the “Privacy Policy”) is to inform users of the services of Fiziosan d.o.o. and other persons (hereinafter also referred to as “individuals”) about the purposes and basis of the processing of personal data by Fiziosan d.o.o., Ptujska ulica 19, 1000 Ljubljana (hereinafter referred to as the “Company”) and the rights of individuals in this area. The Company takes special care of the security of your personal data. All personal data provided is treated confidentially and is used only for the purpose for which it was provided. Your personal data is handled with the utmost care, taking into account the applicable legislation and the highest standards of treatment. We ensure the security of your personal data by, among other things, appropriate organisational measures, work procedures and advanced technological solutions, as well as by using external experts in order to protect your personal data as effectively as possible. In doing so, we use an appropriate level of protection and reasonable physical, electronic and administrative measures to safeguard the personal data collected against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or unauthorised access to, personal data that has been transmitted, stored or otherwise processed.
At the same time, this Privacy Policy further clarifies the consent you have given to the processing of your personal data.
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”), the Privacy Policy contains the following information:
Personal data collected by the company
If you are only a visitor to the website, we only collect information about you using cookies. If you are a user of services or a subscriber to services provided by a company, we also collect other personal data about you that we need to provide the services you have subscribed to or use. This personal data includes:
Controller of personal data
The controller of the personal data processed in accordance with this Privacy Policy is Fiziosan d.o.o.
This Privacy Policy is for anyone who has ordered and/or used our services, or made an enquiry, as well as those who visit our website.
Purposes of processing and grounds for processing
Processing on the basis of a contract:
In the context of the exercise of contractual rights and the performance of contractual obligations, the company processes your personal data for the following purposes: to identify you, to prepare a quotation, to conclude a contract, to provide you with the services you have ordered, to inform you of any changes, additional details and instructions for the use of the services, to resolve any technical problems, objections or complaints, to bill you for the services, and for any other purposes necessary for the performance or conclusion of the contractual relationship between the company and the individual.
When billing for services, we also obtain and process your address for the correct invoicing, based on the tax rules.
Processing based on the law:
We use your personal data on the basis of legitimate interest to detect and prevent fraudulent use and misuse of the services, further to ensure the stable and secure operation of our systems and services, as well as for the purposes of implementing information security measures, meeting quality of service requirements and detecting technical malfunctions of systems and services.
We also use your personal data for the purposes of possible enforcement, judicial and extrajudicial recovery on the basis of legitimate interest.
In accordance with the General Regulation, in the event of suspected abuse, the company may process data about individuals to an appropriate and proportionate extent for the purpose of identifying and preventing possible fraud or abuse and may, if appropriate, also share such data with other providers of such services, business partners, the police, public prosecutors or other competent authorities. For the purpose of preventing future abuse or fraud, data on the history of identified abuse or fraud in relation to an individual, which may include data on the subscription relationship and, for example, the IP address, may be retained for five years after the termination of the business relationship.
Processing based on consent to the processing of personal data:
The processing of data may also be based on your consent provided to the company.
For example, consent can relate to information about offers, benefits and improvements to the services provided by the company. The purpose of such communication is to make the services as close as possible to your needs and preferences and thereby increase their useful value for you. The communication is carried out through the channels you have chosen by consent. You may withdraw your consent at any time in the manner set out in the Privacy Policy.
You may withdraw or modify your consent at any time in the same manner in which you gave it or in any other manner as defined in the Privacy Policy, subject to the Company’s right to identify the customer. Changes to your consent may be arranged, among other things, by email to info@fiziosan.si or by written request to the Company’s registered office.
Withdrawal or modification of consent applies only to the data processed on the basis of your consent. The last consent we received from you is valid. The possibility to withdraw consent does not constitute a right of withdrawal in the individual’s business relationship with the company.
In the absence of revocation, the data for which your consent is given will be processed for up to two years after the termination of the business relationship with the company.
Restrictions on disclosure of personal data
Where necessary, we will commission other companies and individuals to carry out specific work that contributes to our services. In such case, we may also provide personal data to such carefully selected external processors who will enter into a personal data processing agreement, or a substantially identical agreement or other binding document (a “Processing Agreement”) with us. We will only provide or make available to such external processors such data to the extent required by the specific purpose. Such data may not be used by the external processor for any other purpose, subject at a minimum to compliance with all standards of processing of personal data provided for by applicable law. External processors are contractually bound to respect the confidentiality of your personal data.
Upon a reasoned request, companies shall also provide personal data to the competent state authorities which have a legal basis to do so. For example, Fiziosan d.o.o. will respond to requests from courts, law enforcement authorities and other state authorities, which may include state authorities of another EU Member State.
Period of retention of personal data
The retention period is determined according to the category of the individual data. We retain data for no longer than is necessary to achieve the purpose for which they were collected or further processed or until the expiry of the limitation periods for compliance with the obligation or the statutory retention period.
For the purpose of fulfilling contractual obligations, billing data and related contact details of individuals may be retained until full payment for the service has been made, or at the latest until the expiry of the statute of limitations on the individual claim, which may by law range from one to five years. Invoices shall be kept for 10 years after the end of the year to which the invoice relates in accordance with the law governing value added tax.
Other data obtained on the basis of your consent is retained for the duration of the business relationship and for 2 years after termination, unless a longer retention period is provided for by law. If the individual who has given consent to the processing of personal data has not entered into a business relationship with us, his or her consent is valid for 2 years from the date on which it was given or until it is withdrawn.
After the retention period has expired, the data will be deleted, destroyed, blocked or anonymised, unless otherwise provided by law for a specific type of data.
Rights of Individuals in relation to the processing of personal data
We ensure that your rights in relation to the processing of your personal data are exercised without undue delay. We will decide on your request within one month of receiving your request. In case of complexity and a large number of requests, we may extend the time limit by up to two additional months. If we extend the deadline, we will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
Requests concerning the exercise of your rights are accepted by email to info@fiziosan.si or by post to Fiziosan d.o.o., Ptujska ulica 19, 1000 Ljubljana.
Where you make a request by electronic means, we will, where possible, provide you with the information by electronic means, unless you request otherwise.
Where there is reasonable doubt as to the identity of the data subject making a request in relation to any of his or her rights, we may require the provision of additional information necessary to confirm the identity of the data subject.
If the data subject’s requests are manifestly unfounded or excessive, in particular because they are repetitive, the company may:
– charge a reasonable fee, taking into account the administrative costs of providing the information or communication or of carrying out the requested action; or
– refuses to act on the request.
We provide you with the following rights in relation to the processing of your personal data:
(i) the right of access to data
(ii) the right to rectification
(iii) the right to erasure (‘right to be forgotten’)
(iv) the right to restrict processing
(v) the right to data portability
(vi) the right to object
(i) the right of access to data
You always have the right to know whether personal data concerning you is being processed and, if so, to have access to your personal data and to the following information:
– the purposes of the processing,
– the types of personal data processed,
– the users or categories of users to whom personal data have been or will be disclosed,
– the envisaged period of retention of the personal data or, if this is not possible, the criteria to be used to determine that period,
– the existence of a right to request the controller to rectify or erase personal data or to restrict the processing of your personal data, or the existence of a right to – object to such processing,
– the right to lodge a complaint with the supervisory authority,
– where the personal data is not collected from you, any available information regarding its source.
(ii) the right to rectification
You have the right to have inaccurate personal data concerning you rectified without undue delay and, taking into account the purposes of the processing, the right to have incomplete personal data completed, including by submitting a supplementary declaration.
(iii) the right to erasure (‘right to be forgotten’)
You have the right to have your personal data erased without undue delay where one of the following applies:
– where the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
– where you withdraw the consent on the basis of which the processing is carried out and there is no other legal basis for the processing,
– where you object to the processing of data and there are no overriding legitimate grounds for processing,
– where personal data have been unlawfully processed,
– where personal data must be erased in order to comply with a legal obligation under EU or Slovenian law.
(iv) the right to restrict processing
You have the right to have us restrict the processing of your personal data where one of the following applies:
– where you contest the accuracy of the data, for a period which allows us to verify the accuracy of the personal data,
– the processing is unlawful and you object to the erasure of your personal data and request instead that its use be restricted,
– we no longer need your personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims,
– if you have raised an objection to processing based on the legitimate interests of the company, until it is verified that our legitimate grounds override yours.
Where the processing of your personal data has been restricted in accordance with the preceding paragraph, such personal data shall, with the exception of their storage, be processed only with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.
We are obliged to inform you before revoking the restriction on the processing of your personal data.
(v) the right to data portability
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and the right to transmit that data to another controller without hindrance from the company, where the processing is based on your consent and the processing is carried out by automated means. At your request, where technically feasible, personal data may be directly transferred to another controller.
(vi) right to object
Where we process your data on the basis of legitimate interest for marketing purposes, you may object to such processing at any time.
We will stop processing your personal data unless we can demonstrate compelling reasons for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Right to lodge a complaint concerning the processing of personal data
Any complaint regarding the processing of your personal data may be sent to info@fiziosan.si or by post to Requests regarding the exercise of your rights are accepted by email to info@fiziosan.si or by post to Fiziosan d.o.o., Ptujska ulica 19, 1000 Ljubljana.
If we do not decide on your request within the statutory time limit or if we refuse your request, you have the right to lodge a complaint with the Information Commissioner.
You also have the right to lodge a complaint directly with the Information Commissioner if you believe that the processing of your personal data violates Slovenian or EU data protection laws.
If you have exercised your right of access to data and, after receiving a decision, you consider that the personal data you have received is not the personal data you requested or that you have not received all the personal data requested, you may lodge a reasoned complaint with the company within 15 days before lodging a complaint with the Information Commissioner. We must decide on your complaint as a new request within five working days.
Final provisions
Anything not covered by this Privacy Policy shall be governed by applicable law.
The Company reserves the right to change this Privacy Policy. We will notify you of the change by posting it on the official website www.fiziosan.si 30 days before it becomes effective.
If you have any questions about this Privacy Policy or the information we hold about you, please contact us at info@fiziosan.si.
Privacy Policy in force
This Privacy Policy is published on the website of Fiziosan d.o.o. and will come into force on 01.01.2024.
